But the question on everybody's minds was: what if the attackers had succeeded?
Critical infrastructure, in the Gulf region's context, comprises sectors that constitute the backbone of its social and economic security. These include the oil & gas, utilities, telecommunications, transportation and industrial manufacturing sectors. Any attack on these sectors could result in anything from equipment impairment and production loss at the most basic level to crippling financial losses, environmental damage and loss of human life at the worst.
As their operations increasingly move online, critical infrastructure installations are also at risk from cyber attacks. According to the
Computer controlled systems, such as the Supervisory Control and Data Acquisition (SCADA) and Distributed Control System (DCS), are now mainstays in various sectors, monitoring and controlling highly critical infrastructure across oil & gas, power, distribution and aluminium. From checking temperatures and water levels to managing physical infrastructure, these automated systems and communications technologies have helped the industry to run more efficiently.
Don Codling, former Cyber Security Chief and 23-year veteran of the
They couldn't have foreseen that someone with malicious intent would use that tool to bring down power plants or refineries. If I had to develop and design something today, I will always use encryption instead of open protocol." Codling was one of the keynote speakers at
He continues: "In any conflict, you will see that the enemy always targets infrastructure. In the past, you had weapons of destruction; today, you have the Internet." Codling believes that officials responsible for critical infrastructure protection in the region understand the nature of the problem because societal and economic progress of a nation is underpinned by solid infrastructure.
"It usually takes a disaster to remind us how important infrastructure is to our society and our way of life," he says. "The most important thing is to have the leadership of the individual sectors understand this is a concern." For example, in the US, following a presidential directive, critical infrastructure owners and operators established sector-specific Information Sharing and Analysis Centres (ISACs) that share information about threats and vulnerabilities pertaining to their respective sectors. Most ISACs have 24/7 threat warning and incident reporting capabilities which are critical to the success of protecting critical infrastructure.
"ISACs and ICS-CERT have been successful because they are backed by legislation, presidential directives and a national consensus," says Codling. "They provide a platform for subject matter experts from the public and private sectors to come together and talk to each other."
Such best practices are making their way into the region as well. For example, the
Senior IT Engineer at Kuwait Gulf Oil Company Abdullah Al-Akhawand cautions that cyber risks cannot be mitigated through technology alone. He elaborates: "It is not only the technology; it is also about behaviour, processes, practices, right certifications and putting in place governance and security policies that not only look at the enterprise side but also the control side."
He also adds that cyber risk is a key topic at board level discussions and is considered as part of the IT risk landscape.
From a risk mitigation standpoint, insurance companies like Marsh are coming out with specialised cyber insurance products to help energy companies develop and implement more comprehensive risk mitigation and risk planning strategies.
Exclusion clauses in standard commercial insurance policies stipulate that cover will not be provided for bodily injury, property damage and business interruption arising from a hacking event. Marsh's
The nature of the threats and the significance of critical infrastructure to economic and social well-being mean that governments, more than anybody else, will have to take the lead, preferably through legislation, to persuade infrastructure operators to adopt rigorous risk management practices commensurate with the threat at hand.
Equally important, critical infrastructure security solutions that are adopted by these operators should integrate both modern cyber security and traditional physical security to present a combined front.
Network video offers excellent possibilities for the operator of a plant to integrate security, safety and production control in one system. A central system combines the supervision of all processes, video surveillance, intrusion protection and access control, allowing security staff to reliably detect, verify and identify alarms – both from remote sites as well as from a centrally located control room.
When planning and designing a system for the surveillance and protection of critical infrastructure, choosing the right network cameras and where they should be placed is a good starting point, regardless of what other technologies are being used. For example, low light sensitive cameras and thermal cameras can be combined for better detection and verification of intruders.
Protecting long perimeters, monitoring entrances and exits and safeguarding potentially hazardous areas are some of the main concerns of the security manager. The protective measures need to be defined based on a risk and hazard analysis that also takes into account accuracy, affordability, maintenance, ease of customisation and integration of the security solution with other systems.
Breaking it down
For perimeter protection there are many different technologies available to detect an intruder, such as microwave, fibre-fence sensors, seismic sensors and radar alerts. Network cameras can be combined with these technologies to protect infrastructure.
In a typical set up, detection would be provided by network thermal cameras equipped with intelligent video analytics. A thermal camera works just as well in complete darkness as in daylight, and environmental disturbances, like rain, fog, sun, foliage or small animals are kept to a minimum thus influencing the intelligent algorithm as little as possible. In the case of an event being detected, the thermal cameras automatically trigger images from a PTZ dome camera that, thanks to HDTV image quality, permit the security manager to capture details of the situation. Was it an animal or leaves or was it a human being trying to sabotage the system? This information is crucial when deciding what action to take and who to send out.
To ensure as much functionality as possible, each camera is independent and is able to provide information as long as it is connected to the IP infrastructure. In case of communication failure, the camera can record on an embedded SD-card for future analysis.
Pipelines and critical areas
Distribution systems are perhaps the most vulnerable parts of the supply chain and the costliest to protect. For example, pipelines transporting gas from remotely located exploration sites over vast unpopulated areas are very difficult to protect. Hence, remote supervision is a must. Information from the thermal camera, enhanced by images from a PTZ dome camera, provides enough detail for the operator to make the appropriate decisions. Along with perimeter access, it is also important to control access and flow within critical areas. Being able to monitor exits during evacuation is important to ensure that nobody is left inside and potentially in danger. Network video linked to access control systems offers faster and more accurate access management facilitated by instant access to live or recorded video, sound and data.
Cameras with image enhancing technology allow security managers to see what is happening even in low light; for example emergency exit lights can be sufficient to provide details of the scene. Advanced capabilities include video and audio information connected to an access control system for an intercom, virtual gates, virtual fences, audio detection and counting people going in and out of the facility. In case of obstruction by environmental factors such as fog or smoke, thermal cameras can be used.
Production continuity
Apart from safety and security, integrating the camera system into the production system can help in monitoring production efficiency, visually inspecting and verifying functions and processes, and providing remote assistance with planned maintenance. It also helps ensure safety rules and processes are being followed, and tools and equipment are being managed properly.
It is important to work with open standards and protocols in order to facilitate the integration of systems, enabling manufacturers to integrate the various production components into one management system. For example, SCADA systems can integrate network video to provide information on temperature, pressure and speed meters. Or, if you have a control room in a facility where you control the pumping station, live images of sensors can provide visual confirmation in addition to data.
Scalable solutions
A network video system is especially useful to critical infrastructure operators since it allows them to be present virtually anywhere. Whenever there is the need to involve third parties such as the police, fire services or government bodies, a network video system not only helps with the fast detection and evaluation of the situation, it also allows two-way communication for security managers, encouraging cooperation among different entities and agencies.
Increased threats and security breach incidents are fuelling investments in IT security solutions, with organisations now adopting predictive rather than reactive strategies when it comes to protecting business infrastructure. Printers have become very advanced due to their operating systems, internal hard disks, CPUs and network capabilities, yet many companies still do not consider them as a main security threat. Common security threats for printers include document theft, unauthorised access, saved copies on internal storage, hacking and network sniffing. Then there are the risks associated with unsecured printers and multi-functional printers (MFP). In addition, the complexity of mixed printer fleets can introduce a greater risk, and companies should conduct a security assessment of the print environment to uncover any weaknesses. Ideally, a print security strategy should be integrated with an overall information security approach. Solutions like Canon's Managed Print Solutions (MPS) would drive the adoption of print security and ensure seamless interactions between machines without compromising on quality or efficiency.
The right questions
In order to understand how best to go about adopting an MPS and how to maximise its effectiveness, buyers should ask the following:
• Who do I need to speak to from the senior management to implement MPS and how do I communicate the benefits to my colleagues?
• What are my 'day one' costs and how do I ensure MPS providers use my cost model?
• How do I create an output strategy that meets my organisation's needs?
• What deliverables should I include in my service level agreement with my MPS provider?
• How do I incorporate security and compliance in a workplace where people share devices and occasionally travel with them for business purposes?
Today, with the increase of personal devices inside the enterprise, it has become impossible to continue with only device specific security functions. It is now possible for data to be shared beyond an organisation's secure cloud or company network. Organisations need to consider integrated hardware and software solutions that create an information centric approach to ensuring document security.
Document control and rights management is crucial when dealing with sensitive content. I am sure that it will be on par with cybersecurity soon as the solutions for the two issues often complement each other.